Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Network

Millions of Smartphones in 11 Countries Were Taken Offline Yesterday by an Expired Certificate (theverge.com) 34

Ericsson has confirmed that a fault with its software was the source of yesterday's massive network outage, which took millions of smartphones offline across the UK and Japan and created issues in almost a dozen countries. From a report: In a statement, Ericsson said that the root cause was an expired certificate, and that "the faulty software that has caused these issues is being decommissioned." The statement notes that network services were restored to most customers on Thursday, while UK operator O2 said that its 4G network was back up as of early Friday morning.

Although much of the focus was paid to outages on O2 in the UK and Softbank in Japan. Ericsson later confirmed to Softbank that issues had simultaneously affected telecom carriers who'd installed Ericsson-made devices across a total of 11 countries. Softbank said that the outage affected its own network for just over four hours.

This discussion has been archived. No new comments can be posted.

Millions of Smartphones in 11 Countries Were Taken Offline Yesterday by an Expired Certificate

Comments Filter:
  • Why is this a story again, because someone (thing) forgot to renew a cert that then affected a few (for large values) countries? It should be news if it HADN'T have dropped them out.

    OTOH these are the people tasks with keeping your phones and conversations "safe." What OTHER minor things have they overlooked? (Everyone, not just them. They're just at the head of the line right now.)
    • I agree with the sentiment, but since this caused a cell network outage it's a bigger story. Also, the fact that a large company like this didn't have procedures in place for tracking renewal of certificates makes it a bigger deal. Like you mention, if they don't have these procedures in place, it calls into question how they're handling keys and other security-related items.
  • ... about using a major player smartphone. Eyeing and considering Sailfish and old Blackberry on a regular basis.

    • You misunderstand. (Score:5, Informative)

      by Anonymous Coward on Friday December 07, 2018 @11:30AM (#57766118)

      This wasn't Ericsson brand cell phones going offline because of this certificate. This was *ENTIRE CELL NETWORKS* going offline because the backend hardware's certificates were being rejected because they expired without replacement certificates in place.

      Having a different brand of cell phone doesn't help if your phone is rightly rejecting expired certificates from the cell network, or if the cell network is not authorizing new cellular connections because it can't connect to servers.

      This was likely a backend problem, either with authentication servers for the basestation/router licenses, or some centralized bckend service that was actually web based.

      • Things like "Certificate renewal" and "DNS renewal" should have reminders (or errors, or whatever) in your monitoring tool, well in advance. That can be an extra double-check to make sure you get it done, in case you forget (or quit, and someone replaces you has to do it).
        • Things like "Certificate renewal" and "DNS renewal" should have reminders (or errors, or whatever) in your monitoring tool,

          Some of my clients have every piece of infrastructure monitored that can possibly go wrong, and some that probably can't.

          Meanwhile, our local ILEC will happily tell you that they don't need to monitor anything because customers will call and let them know what's out.

          The difference? The ILEC is not subject to competitive pressures; they benefit from a monopoly grant from the State and a

  • It canâ(TM)t be considered critical enough. At work we have three teams that get alarms of expiring certificates, just to make sure it doesnâ(TM)t fall through the cracks. The next phase will be complete automation of the renewal process against the internal CA, with a review before the final deployment of the renewed cert.

  • Thanks Ericsson (Score:2, Insightful)

    by PPH ( 736903 )

    Time to switch to Huawei.

  • Along with half of all malicious websites having TLS / SSLs ...

    Goes to show our security systems are more hazardous than the bad guys.
  • As a thought experiment, what will it look like when this happens to a network of connected self driving cars?

    I say "when", not "if". I can't think of a way that this doesn't happen someday.

    For starters, emergency vehicles will not be able to get through the resulting traffic jams after a few million cars come to a stop.

    On the bright side, you'll probably still be able to read the ads on the entertainment system

  • We need to start doing IT with professionals. You know, with people that actually have a clue what they are doing. Sure, they will cost more individually, but overall the whole thing will get a lot cheaper as such major pathetic fuckups will become very rare.

news: gotcha

Working...